Awesome
Portfolio of audits and certificates
About me
Jakub Heba is a cybersecurity expert with almost eight years of experience in the industry. For three years associated with blockchain technology as a Smart Contract and Blockchain auditor. He has conducted over 80 audits of various protocols, mostly related to Decentralized Finances. He specializes in the security of contracts written in Rust, Golang and MOVE, in technologies such as CosmWasm, NEAR, Ink!, Substrate, Scrypto, MultiversX (Elrond), AssemblyScript (Massa) or Sui, as well as has a deep technical understanding of EVM and Solidity. He participated in assessments testing low-level aspects of blockchain technology, such as finality proof verifications, serialization libraries, rollups as well as implementations of bridges between many different ecosystems. He has experience in auditing Layer 1 Blockchains written in Rust, Golang and MOVE. Additionally, he has experience in testing offchain components such as wallets, infrastructures, oracles and Metamask Snaps. His experience covers also more niche languages, such as Pact, Noir and Rell. Before moving to Web3, he was a Lead Security Researcher and Penetration Tester managing a team of up to 10 engineers. He also specialized in low-level binary exploitation in both UNIX and Windows environments. Holder of OSCP, OSCE and Lead ISO27001 Auditor certificates.
CEO & Cofounder at Monethic. Currently, I'm also a Senior Blockchain Security Auditor at Oak Security, Sub7, Sayfer and Lead Smart Contract Security Auditor at Hacken.
For private audits or security consulting, please reach out to me on:
- Twitter - @JakubHeba
- LinkedIn - Jakub Heba
You can also request a quote on Monethic or Cantina.
Private & Solo Audits
| Protocol | Type | Report |
|---|---|---|
| Uncharted - GangsterArena v3 | Solidity, BLAST, Gaming | soon |
| Uncharted - Confidential | Solidity, BLAST, Gaming | soon |
| Confidential - Confidential | Solidity, MetaMorpho ERC4626 Vaults | soon |
| Razor DEX - Decentralized Exchange contracts | MOVE, Aptos, Sui | 📄 Report.pdf |
| Wolf Game - Cave Game, ERC721 | Solidity, BLAST | 📄 Report.pdf |
| Magic Beans - Magic Beans, OTC | Solana, Rust | 📄 Report.pdf |
| Orderly Network - Asset Manager Smart Contract | Rust, NEAR | 📄 Report.pdf |
| Cascadia Foundation - Liquidity Pools (Curve fork) Contracts | Solidity, Vyper | - |
| Holoride - Holoride Ethereum <> MultiversX bridge | Rust, MultiversX/Elrond | 📄 Report.pdf |
Audits in a team
| Protocol | Type | Report |
|---|---|---|
| Jellyverse - Jellyverse Staking, Vesting, Governance, ERC20 | Solidity, ERC20 | 📄 Report.pdf |
| Confidential - Confidential | Solidity, Gaming | soon |
| Layer Zero - Layer Zero V2 | Solana, Anchor, Rust | 📄 Report.pdf |
| Mysten Labs - Sui - Adapter & Verifier | MOVE, L1, Sui | 📄 Report.pdf |
| Volo Sui - VOLO Liquid Staking | MOVE, Sui | 📄 Report.pdf |
| Satay Finance - Satay Aptos | MOVE, Aptos | 📄 Report.pdf |
| Bifrost - Laverage Staking | Rust, Substrate | 📄 Report.pdf |
| Starlay Finance - Starlay Protocol WASM | Rust, ink! | 📄 Report.pdf |
| Ociswap - Scrypto AVL Tree Implementation | Scrypto, AVL Tree, Radix DLT | 📄 Report.pdf |
| Ociswap - Scrypto Math | Scrypto, Radix DLT | 📄 Report.pdf |
| Hyperlane - cw-hyperlane | Rust, CosmWasm | 📄 Report.pdf |
| Stader Labs - SD Token Staking | Rust, CosmWasm | 📄 Report.pdf |
| Astroport Concentrated Liq Pool - Injective Orderbook Integration | Rust, CosmWasm | 📄 Report.pdf |
| Astroport - Astral Assembly contracts | Rust, CosmWasm | 📄 Report.pdf |
| Astroport - Concentrated Liquidity Pool | Rust, CosmWasm | 📄 Report.pdf |
| Astroport - Astroport on Osmosis | Rust, CosmWasm | 📄 Report.pdf |
| Brokkr Protocol - Delta Neutral | Rust, CosmWasm | 📄 Report.pdf |
| Brokkr Protocol - Long Term Bonding | Rust, CosmWasm | 📄 Report.pdf |
| Osmosis Labs - Osmosis Transmuter | Rust, CosmWasm | 📄 Report.pdf |
| Stargaze - Reserve Auctions | Rust, CosmWasm | 📄 Report.pdf |
| Stargaze - Infinity Pool | Rust, CosmWasm | 📄 Report.pdf |
| Calculated Finance - Contracts | Rust, CosmWasm | 📄 Report.pdf |
| Hadron Labs - Lido Satellite | Rust, CosmWasm | 📄 Report.pdf |
| Snowfork - SSZ serialization library - Rust | Rust, library | 📄 Report.pdf |
| Membrane - Contracts | Rust, CosmWasm | 📄 Report.pdf |
| Coinhall - Genie | Rust, CosmWasm | 📄 Report.pdf |
| Snowbridge - Ethereum <=> Polkadot bridge | Rust, Solidity, Polkadot, Ethereum | 📄 Report.pdf |
| Snowbridge - Extension, Ethereum <=> Polkadot bridge | Rust, Solidity, Polkadot, Ethereum | 📄 Report.pdf |
| Ixo World - IXO Swap | Rust, CosmWasm | 📄 Report.pdf |
| Ninja Blaze - Ninja Blaze Double | Rust, CosmWasm | 📄 Report.pdf |
| Osmosis Labs - Osmosis Transmuter v3 | Rust, CosmWasm | 📄 Report.pdf |
| Astroport - Astroport Hub Neutron Migration | Rust, CosmWasm | 📄 Report.pdf |
| Yieldmos - Outpost Osmosis | Rust, CosmWasm | 📄 Report.pdf |
Certificates
- Offensive Security Certified Expert (OSCE) - Offensive Security OSCE proof
- Offensive Security Certified Professional (OSCP) - Offensive Security OSCP proof
- Lead ISO27001 Auditor - Information Security Management Systems (ISMS) Auditor/Lead Auditor (BS ISO/IEC 27001:2013)
CVE-s
- CVE-2019-10070 - Apache Atlas, Stored Cross Site Scripting
- CVE-2020-6856 - JOC Cockpit, Jobscheduler, XML External Entity
- CVE-2020-6854 - JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting
- CVE-2020-6855 - JOC Cockpit, Jobscheduler, Denial of Service
- CVE-2021-3584 - Foreman, Authenticated Remote Code Execution via Sendmail configuration